Webhook Audit Logs

The following section documents environment variables for configuring AIStor to publish audit logs to an HTTP webhook endpoint. See Publish Audit Logs to HTTP Webhook for more complete documentation and tutorials on using these environment variables.

export MINIO_AUDIT_WEBHOOK_ENABLE_PRIMARY="on"
export MINIO_AUDIT_WEBHOOK_AUTH_TOKEN_PRIMARY="TOKEN"
export MINIO_AUDIT_WEBHOOK_ENDPOINT_PRIMARY="http://webhook-1.example.net"
export MINIO_AUDIT_WEBHOOK_CLIENT_CERT_SECONDARY="/tmp/cert.pem"
export MINIO_AUDIT_WEBHOOK_CLIENT_KEY_SECONDARY="/tmp/key.pem"

export MINIO_AUDIT_WEBHOOK_ENABLE_SECONDARY="on"
export MINIO_AUDIT_WEBHOOK_AUTH_TOKEN_SECONDARY="TOKEN"
export MINIO_AUDIT_WEBHOOK_ENDPOINT_SECONDARY="http://webhook-1.example.net"
export MINIO_AUDIT_WEBHOOK_CLIENT_CERT_SECONDARY="/tmp/cert.pem"
export MINIO_AUDIT_WEBHOOK_CLIENT_KEY_SECONDARY="/tmp/key.pem"

mc admin config set audit_webhook \
   endpoint="http://webhook.example.net" [ARGUMENTS=VALUE ...]

mc admin config set audit_webhook:primary \
   endpoint="http://webhook-01.example.net" [ARGUMENTS=VALUE ...]

mc admin config set audit_webhook:secondary \
   endpoint="http://webhook-02.example.net" [ARGUMENTS=VALUE ...]

Specify “on” to enable publishing audit logs to the HTTP webhook endpoint. Requires specifying MINIO_AUDIT_WEBHOOK_ENDPOINT.

The HTTP endpoint of the webhook.

An authentication token of the appropriate type for the endpoint. Omit for endpoints which do not require authentication. To allow for a variety of token types, AIStor creates the request authentication header using the value exactly as specified. Depending on the endpoint, you may need to include additional information.

For example, for a Bearer token, prepend Bearer:

export MINIO_AUDIT_WEBHOOK_AUTH_TOKEN_myendpoint="Bearer 1a2b3c4f5e"

Modify the value according to the endpoint requirements. A custom authentication format could resemble the following:

export MINIO_AUDIT_WEBHOOK_AUTH_TOKEN_xyz="ServiceXYZ 1a2b3c4f5e"

Consult the documentation for the desired service for more details.

Collect and send the specified number of events to the webhook as a batch. If not set, AIStor sends one event per request.

The x.509 client certificate to present to the HTTP webhook. Omit for webhooks which do not require clients to present a known TLS certificate.

The x.509 private key to present to the HTTP webhook. Omit for webhooks which do not require clients to present a known TLS certificate.

Specify the directory path, such as /opt/minio/events, to enable MinIO’s persistent event store for undelivered messages. The AIStor process must have read, write, and list access on the specified directory. AIStor stores undelivered events in the specified store while the webhook service is offline and replays the stored events when connectivity resumes.

An integer value to use for the queue size for audit webhook targets. The default is 100000 events.